List methods
Namespace: microsoft.graph
Retrieve a list of authentication methods registered to a user. The authentication methods are defined by the types derived from the authenticationMethod resource type, and only the methods supported on this API version. See Microsoft Entra authentication methods API overview for a list of currently supported methods.
We don't recommend using the authentication methods APIs for scenarios where you need to iterate over your entire user population for auditing or security check purposes. For these types of scenarios, we recommend using the authentication method registration and usage reporting APIs.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ❌ |
Permissions
The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permissions acting on self
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | UserAuthenticationMethod.Read | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite, UserAuthenticationMethod.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
Permissions acting on other users
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite, UserAuthenticationMethod.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Global Reader
- Authentication Administrator
- Privileged Authentication Administrator
Note
The authentication administrator only sees masked phone numbers.
HTTP request
List your own authentication methods.
GET /me/authentication/methods
List your own or another user's authentication methods.
GET /users/{id | userPrincipalName}/authentication/methods
Optional query parameters
This method does not support optional query parameters to customize the response.
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK
response code and a collection of authenticationMethod objects in the response body.
Examples
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/me/authentication/methods
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"value": [
{
"@odata.type": "#microsoft.graph.fido2AuthenticationMethod",
"id": "-2_GRUg2-HYz6_1YG4YRAQ2",
"displayName": "Red key",
"creationDateTime": "2020-08-10T06:44:09Z",
"aaGuid": "2fc0579f-8113-47ea-b116-555a8db9202a",
"model": "NFC key",
"attestationCertificates": [
"dbe793efdf1945e2df25d93653a1e8a3268a9075"
],
"attestationLevel": "attested"
},
{
"@odata.type": "#microsoft.graph.windowsHelloForBusinessAuthenticationMethod",
"id": "b5e01f81-1f81-b5e0-811f-e0b5811fe0b5",
"displayName": "Jordan's Surface Book",
"createdDateTime": "2020-11-27T23:12:49Z",
"keyStrength": "normal"
}
]
}